“We all play duplicative roles, which is why a network model is what we built as the solution for this open-access problem. So it’s much more complex than, the fintechs are on one side and the banks are another.”
Amidst the litigious frenzy that threw the future of open banking in the air, SOLO, a data-collection platform and privatized bureau backed by BankTech Ventures, announced the launch of its Customer Data Clearinghouse, positioning itself as a successor to consortia like The Clearing House and Early Warning Services — as well as a competitor to data aggregators like Plaid, Finicity, MX, and others.
With the Consumer Financial Protection Bureau announcing a return to the drawing board for Section 1033-related rulemaking, SOLO — in addition to banks, fintechs, data aggregators, and a slew of other entities — has an opportunity to reshape open-banking statutes in its image. On Tuesday, SOLO hosted a Town Hall featuring former Congressman Barney Frank (of, you know, Dodd-Frank), Jim McCarthy (founding member of the CFPB leadership team), Andrew Yang, and others to discuss the future of open-banking regulation.
Frank seemed to agree with SOLO’s core thesis during the event, calling for “a solution that rewards institutions for the trust they build.”
Leading up to the event, Georgina Merhom, CEO and Founder of SOLO, spoke with Fintech Nexus about open banking, proposing core tenets the CFPB should prioritize as it drafts new rules.
The following has been edited for length and clarity.
We’ve been following the SOLO story, especially since the data-sharing network came out of stealth in July. It seems the network’s path forward really hinges upon how Section 1033 is interpreted, or how this revised round of rulemaking shapes out in the coming months. How is SOLO building out its network with 1033’s up-in-the-air-ness in mind?
SOLO, in its current form, is compliant with the old 1033 ruling. The old ruling mandates free portability of data under three specific data types that institutions must make portable for customers with their consent. So 1033 governs transactions. KYC information, assets, and account status — anything outside of that is outside of the scope of 1033.
SOLO operates on all data types. We operate on first-party data, meaning data provided by the consumer, whether that be during an application or in the middle of a workflow, like a compliance workflow, or during onboarding. That’s first-party data that is made reusable with the customer’s consent across institutions, and the goal with that is for institutions to not repeat the same work, but for the customer to not have to reintroduce themselves.
The second data type is around relationship data. So the bank may have had a certain experience with you, whether that be fraud, or whether that’s a positive experience, or relationship length, or repayment. And that is data that is also out of scope for 1033, but is provided to us.
The third data type is third-party data. Think of it as bureau data, aggregator data, as KYB/KYC data, and that is also a data type within SOLO that is made reusable across the network. Why are we having this conversation if we are 1033 compliant as it is today? In its current form, 1033 is a reflection of the contentious debate around the future of open banking, because what 1033 did was essentially just codify and legalize open banking in its current form, which, by the looks of it, no one seems to like. So our goal is to provide the path for resolution in the context of a network model where incentives can be aligned with the costs.
You said nobody likes 1033, or nobody likes this ultimate iteration of how things are structured as it relates to open banking. At the same time, you see the Financial Technology Association and a who’s who in fintech and crypto signing an open letter defending open banking.
They also were the same people who initially contested the original ruling, and they’ve now changed their tune…Today, there’s only one way to facilitate open access, and that is what they’re fighting to protect, because the alternative of having no access is worse — but there’s more to it. I think that this entire rule has been written with people divided by function: You are a fintech, you are an aggregator, you are a bank. The reality is an institution can be both a consumer and a provider of data. An aggregator can be both a consumer and a provider of data. A fintech can be both a consumer and a provider of data. When you look at it through that lens, you realize that all the banks and fintechs actually want is parity and to all play by the same rules. We are advocating for consumer data portability that does not end at the first transfer of data, that does not end after an aggregator collects it from an institution. It ends once the service has been fulfilled and the consumer has access to service.
We all play duplicative roles, which is why a network model is what we built as the solution for this open-access problem. So it’s much more complex than, the fintechs are on one side and the banks are another. The ones that are in that letter are just fighting for consumer portability, and there is no other alternative — but that, in and of itself, shows the vulnerability of our system. If overnight open access can be completely dismantled because you have misaligned incentives, that just shows the volatility and the vulnerability of the entire infrastructure around consumer access.
What are you advocating for as these rules are being rewritten?
Consumer portability must exist past the first transfer of data. That applies to everyone: institutions, fintechs, aggregators.
The second one is usage codes: If you are consuming data because you are acting on behalf of the customer to port data from one institution to another, or building R&D models or even selling it to hedge funds for behavioral data, those need to be properly scoped. We view this as a three-code usage system. In our model, [R&D use of data means] you owe royalties to the institutions. We believe that if you are selling the customer data to a hedge fund, the consumer should get dividends. The CFPB won’t govern that, but in SOLO’s model, that’s the case.
The third ask is around data lineage. Today, data portability in 1033 assumes that institutions are always the ones providing data when that’s not necessarily true. We need a track record to be usable by institutions, just like the track record from institutions that is trusted by the non-banks. And so to do that, we need an infrastructure that has lineage and auditability, and provenance over how the data got there. Because the true value of open banking and this conversation around monetization is really a conversation about where its value is. And the value is in the fact that these institutions are regulated, and there’s implied lineage to their data.
If I am taking a transcript of transactions on you as a customer from a bank, I know the source of funds has been vetted and passed AML checks. I know that that address has been verified in some way, shape, or form. If I’m taking it from a payday lender, that’s the Wild West. And in the same way, we’re ingesting data from banks, which is just taking the outputs of the banks and trusting that there’s work that went into it; that can’t be how we take data from unregulated institutions. Porting their track record into institutions and having this one-way open access infrastructure is actually very dangerous, because it means that institutions can’t service you, and your only option is these high-interest non-bank lenders. There is no way for that track record to ever be usable again by an institution. So those are the three asks: portability goes both ways, usage codes, lineage.
There’s been concern about the effect that changes to open banking regulations will have on end-users and the cost of the products they use. What do you see happening as Section 1033 gets reinterpreted?
Two parts to this. I think we have to all recognize the fact that up until this point, data portability has been a subsidized service. The second part of this question is we believe that customer data portability will always be free. As a consumer, your data is yours: There is no question about that. We don’t think that portability ends with us. We also believe in incentive alignment. The goal is to have institutions vouching for the consumers, versus treating the data like it’s proprietary, and so in our model, it’s not, Are we going to charge more because we’re paying the institutions? We’re just fixing who gets paid.
We’re uniquely positioned in that SOLO has been around now for a couple of years, and our primary role in the ecosystem has been to essentially do all the manual work that banks and lenders do in collecting this data. And we know that’s not free. We know that’s not free because there’s a $30 billion annual spend as an industry on all the manual work that goes into servicing the customer, into getting the data right and compliant, passing all the AML checks, resolving information that is inconsistent across different databases, and maintaining that relationship. We believe in a system that rewards relationship building between institutions and actually assigns responsibility to the institutions to vouch for consumers and actually help them when they need any other service.
Chairman Barney Frank is going to speak on this tomorrow: The Dodd-Frank Act was built to actually make institutions more accountable to consumers, and the intention was to make them more accountable to consumers for fair economic access. Because innovation came before regulation,innovation came to be viewed as something that needed to be tamed and de-risked. I think the last round of rulemaking wasn’t solved from a first-principles perspective, or with the same intention that the Dodd-Frank Act was actually written in. And I think that this is a very healthy conversation to have now, because we need to be able to empower consumers, and we need to be placing accountability on institutions to vouch for their consumers to enable economic access, but we need to make sure that that reality captures the reality of the financial landscape today, which is that we have a lot of underbanked and underprivileged people that don’t even have bank accounts or don’t have financial products with banks, live outside of the financial ecosystem, and need to find their way back.
The CFPB, to say the least, is operating at a much smaller scale than it was nine months ago. I’m curious how, if at all, you anticipate the CFPB playing a role within a revised open-banking framework given its current limitations.
I have a lot of empathy for them operating at a very small scale. With this being one of the most contested rulings in a very long time, I think they’re doing a great job. We’ve been working with the CFPB and their markets team, and I’ll say they are very receptive to different perspectives. Our role in this, we believe, is to convene people that might not always agree on everything, but we think we’ve built a model that puts consumers and institutions and fintechs — and some aggregators that are willing to play by the same rules — on the same side and and hopefully kind of show the the path towards resolution that can end a lot of this this debate on a note that ultimately serves the consumer, but maintains the value of institutional trust, and maintains the original intent behind the Dodd-Frank Act. So you might not think that Barney Frank and Jamie Dimon would agree on anything, but SOLO is the one thing that I think both players can agree on in terms of servicing both consumers and incentivizing institutions to take accountability for their consumers without the middlemen. We hope that by convening a lot of conflicting voices that we’re helping make it easier.
